The Cyber Security News

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

November 29, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2021-35587, carries a CVSS score of 9.8 and impacts Oracle Access Manager (OAM) versions 11.1.2.3, 12.2.1.3, and 12.2.1.4.

Successful exploitation of the remote command execution bug could allow an unauthenticated attacker with network access to completely compromise and take over Access Manager instances.

“It may well give the attacker access to OAM server, to create any user with any privileges, or just get code execution in the victim’s server,” Vietnamese security researcher Nguyen Jang (Janggggg), who reported the bug along with peterjson, noted earlier this March.

The issue was resolved by Oracle as part of its Critical Patch Update in January 2022.

Additional details regarding the nature of the attacks and the scale of the exploitation efforts are not immediately clear. Data gathered by threat intelligence firm GreyNoise shows that attempts to weaponize the flaw have been ongoing and originate from the U.S., China, Singapore, and Canada.

Also added by CISA to the KEV catalog is the recently patched heap buffer overflow flaw in the Google Chrome web browser (CVE-2022-4135) that the internet giant acknowledged as having been abused in the wild.

Federal agencies are required to apply the vendor patches by December 19, 2022, to secure networks from potential threats.

Some parts of this report are sourced from:
thehackernews.com
